Manage privileges in Datastore

Overview

PassPort manages and controls user accounts and privileges for the Datastore platform. Datastore connects to PassPort to control:

  • User authentication
  • User rights on Datastore resources:
    • Collections and Objects
    • Folders
    • Editors
    • Specific functions such as edit, status changes, purge and so on

If authentication and access management with PassPort have been activated for the product instance, you can use the PassPort user interface to define:

  • Users and groups of users
  • Roles that define a list of privileges. A user or a group of users is associated with one or several roles.
  • Privileges that authorize actions on resources when conditions are verified.

About roles

A role groups several privileges and roles, so that they can be granted to and revoked from users simultaneously. A role must be enabled for a user before it can be used by the user.

About privileges

A privilege is a right to execute a set of actions on a Datastore resource when some conditions are met. Before you create privileges, you must first publish in the Repository the Datastore resources and their configuration, as well as the actions and properties used in the conditions.

About Datastore resources

Datastore resources for Axway Designer are:

  • Object Types
  • Collection Types
  • Folders
  • Editors
  • Statuses
  • Administration actions

Datastore resources for Datastore Client are Folder and Queries.

Resources are not statically defined once and for all. If you create a new Collection Type that defines a Domain property, you may want to register permissions using this Domain property. For instance, a user group with Role1 will be authorized to access the collection from "domain1" while other groups will not.

About administration resources

User access to the Administration resources can be configured and restricted in PassPort.

The default CSD exposes an administrator role that has all authorizations, so that it can update the configurations and view the flow executions:

Actions:

  • VIEW - View the details of the Administration resources.
  • UPDATE - Create, modify, delete resources.

Properties: TOPIC with possible values:

  • Components
  • Applications
  • Flows
  • Administration

The business user role is authorized to view events status and reports generated by the transformation
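
The model described above (roles that group privileges and other roles, and privileges that authorize actions on a resource only when property conditions hold) can be sketched as a default-deny check. This is an added example, not PassPort or Datastore code: the class and function names, the "flow_viewer" role and the "edit" action identifier are assumptions, and only Role1, "domain1", VIEW, UPDATE and the TOPIC values come from this page.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Privilege:
    resource: str            # resource type, e.g. "Collection"
    actions: frozenset       # actions this privilege authorizes
    conditions: tuple = ()   # ((property_name, allowed_values), ...)

    def permits(self, resource, action, props):
        if resource != self.resource or action not in self.actions:
            return False
        # Every condition must hold; a property missing from the request fails closed.
        return all(name in props and props[name] in allowed
                   for name, allowed in self.conditions)

@dataclass
class Role:
    name: str
    privileges: list = field(default_factory=list)
    roles: list = field(default_factory=list)  # a role can group other roles

def effective_privileges(role, seen=None):
    """Flatten a role and its nested roles, tolerating cyclic nesting."""
    seen = set() if seen is None else seen
    if role.name in seen:
        return
    seen.add(role.name)
    yield from role.privileges
    for child in role.roles:
        yield from effective_privileges(child, seen)

def is_authorized(enabled_roles, resource, action, props):
    """Default deny: allow only if a privilege of an enabled role matches."""
    return any(p.permits(resource, action, props)
               for role in enabled_roles
               for p in effective_privileges(role))

# Constructed sample data: role names other than Role1, and the "edit" action
# identifier, are hypothetical.
TOPICS = frozenset({"Components", "Applications", "Flows", "Administration"})
ROLE1 = Role("Role1", [Privilege("Collection", frozenset({"edit"}),
                                 (("Domain", frozenset({"domain1"})),))])
ADMIN = Role("administrator", [Privilege("Administration",
                                         frozenset({"VIEW", "UPDATE"}),
                                         (("TOPIC", TOPICS),))])
FLOW_VIEWER = Role("flow_viewer", [Privilege("Administration", frozenset({"VIEW"}),
                                             (("TOPIC", frozenset({"Flows"})),))],
                   roles=[ROLE1])
```

A user whose role list is empty, or whose request omits the Domain property, is denied, which is the behavior to verify when auditing a new role definition.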
